Fax machines exposing companies to hackers

by AKANI CHAUKEJOHANNESBURG, (CAJ News) – ORGANISATIONS and individuals could be hacked via their fax machines using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally.

This is according to new research by a leading provider of cyber-security solutions globally, which warns that a fax number is all an attacker needs to exploit the flaws and potentially seize control of a company or home network.

The Check Point research demonstrated the vulnerabilities in the popular all-in-one fax printers.

The same protocols are also used by many other vendors’ faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method.
Not often perceived as modern-day technology, there are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year. It is still widely used in several sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data.

Yaniv Balmas, Group Manager, Security Research at Check Point, said many companies might not even be aware they have a fax machine connected to their network, but fax capability was built into many multifunction office and home printers.

“This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations,” Balmas said.

Balmas urged organisations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks.

“It’s a powerful reminder that in the current, complex fifth-generation attack landscape, organizations cannot overlook the security of any part of their corporate networks,” Balmas said.

The results of the 2017 research show that the overall level of protection against external attackers was assessed as low or extremely low for 43 percent of analysed companies. 73 percent of successful external attacks on the network perimeters of organisations in 2017 were achieved using vulnerable web applications.

Another common vector for penetrating the network perimeter was an attack on publicly available management interfaces with weak or default credentials.

Kaspersky urged companies to pay special attention to web application security, run regular security assessments for IT-infrastructure and ensure that information security incidents are detected as early as possible.– CAJ News